Hi, On Mon, Nov 09, 2020 at 10:44:20AM -0300, Leonardo Rodrigues wrote: > Em 09/11/2020 06:32, Olivier CALVANO escreveu: > > I have a problem on a recent OpenVPN installation, the server asks > > clients to re-authenticate every hour, whether there is activity on > > the tunnel or not. > > > > How can I fix this problem? > > is this causing any problem ? Because it should not. Renegotiation > should just happen on the background and, despite on the logs, shouldn't > be noticed at all by the tunnel traffic.
If you authenticate with a one-time-password setup (2FA), you need to
enter a new password on every single key renegotiation, because the server
will do a full re-auth.
To improve on that, run the server with --auth-gen-token (with a reasonable
token lifetime). But do not combine with async auth plugins as of "now".
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
